The present invention concerns a selective connection device for connecting at least one peripheral to a target computer and a selective control system comprising such a device. It is aimed in particular at the field of selective connection devices for a control device composed of input/output peripherals with different target computers. More particularly, the invention concerns such a device affording guarantees of security by preventing communication between the various target computers that may be controlled.
Hereinafter, any electronic information processing device will be called by the generic term computer. Devices allowing the selective control of several target computers, from the same set of input/output peripherals, already exist. Such devices allow the selective connection of a computer screen and keyboard to several computers. These devices generally allow the connection of several video cables, generally according to the VGA (Video Graphics Array) standard, and several keyboard and/or mouse cables, generally according to the PS/2 (Personal System/2) or USB (Universal Serial Bus) standard, which are directly connected to the central units and to the device. On the other side, one cable is connected to a screen and two others to the keyboard and mouse. A selector makes it possible to physically connect the video cable connected to the screen to one of the cables connected to one of the central units, while the keyboard and mouse cables are connected, via the same selector, to the same central unit. By an action on the selector, the user can thus change the central unit to which the screen, keyboard and mouse that he is using are connected. Such devices are well known and relatively simple to design. However, connection is possible only over relatively short distances. In particular, the video link is limited to a few meters. This solution therefore cannot be envisaged whenever it is wished to control central units distant by more than a few meters.
Software solutions exist that allow the distant control of computers over a telecommunication network. An example is the RDP (Remote Desktop Protocol) connection protocol, which makes it possible to take control of a distant machine by conveying, via an IP network, on the one hand the commands coming from the local control keyboard to the computer that is to be controlled, and on the other hand graphical commands from the controlled computer to the control computer. In this way, the distant computer is controlled over the network from the peripherals of the local computer in the same way as if the screen, keyboard and mouse of the local computer were directly connected to the distant computer. It is possible by this means to connect successively to different machines and therefore to effect a selective control of a plurality of distant computers from the same control device. The control device is composed here of the screen, the keyboard and the mouse of the local computer. This solution differs from the previous one in that a local central unit is necessary in order to manage the command exchange protocol between the control device and the controlled computer. This central unit makes it possible to organise firstly the encapsulation of the keyboard and mouse commands in data packets sent via the network to the distant computer, and secondly the reception and interpretation of the graphical commands for the local reproduction of the control screen of the distant computer. The distant computer must be provided with dual means for receiving and interpreting the commands issuing from the keyboard and mouse, on the one hand, and for sending graphical commands on the other hand. Various solutions based on these principles are at present offered for all available operating systems: the client-server protocol X11 within X-Windows on UNIX workstations can be cited.
These software solutions function correctly provided that the local computer dedicated to the control and the distant computers that it is wished to control are connected to the same communication network. Whenever the distant computers belong to distinct networks, the problem becomes complicated. This is because, in order to make the software solutions as described function, it is first necessary to connect the control computer to the communication network affording connection to the distant computer that it is wished to control, which may be called the target computer. The operation of changing target computer consequently becomes relatively complex, as it involves disconnection of the current control session, connection to a new physical communication network, change of network parameters in order to take account of the new network and finally initialisation of a new control connection with the new target computer. There is therefore a first problem related to the complexity of the operation of changing target computer.
Moreover, one of the reasons why it may be necessary to control target computers belonging to different networks relates to questions of security. In this case, it is possible that these different target computers belong to networks that have been intentionally separated because they do not all have the same security constraints. It is then generally desired to prevent the communication of potentially sensitive information between these different networks, the propagation of malicious code, the taking of control, etc. In this context of the desire for security and impermeability of the various networks to any transfer of data, a local network serving to control target computers in alternation on these different networks represents a weakness of the security system. This is because it is difficult to guarantee that information cannot be stored on this control computer during a session on a first network so as to reach a second network during a subsequent control session.